Researchers Crack Rombertik’s Anti-Cracking Feature

Status
Not open for further replies.

Jack

Anti-piracy cracking keys available in malware's binary code

Rombertik’s protection, believed to unleash a digital doom on the systems used for analysis by malware researchers, has been cracked, and new findings show that the feature is actually intended to prevent unlicensed use of the malicious software.

Two weeks ago, security experts from Cisco Systems' Talos Group presented a report on the Rombertik credential stealer, disclosing that the threat included destructive routines that would render the computer inoperable, if deployed.

The action consisted of corrupting the MBR or encrypting data in the user’s home folder and sending the machine into a continuous reboot loop.

Rombertik is a newer version of Carbon Grabber

Although the general public opinion was led to believe that the malware could react this violently on consumers’ computers, Cisco presented their discoveries as methods of evading security analysis.

They say Rombertik comes with a function that creates a hash of one of its resources and stores it in the memory of the computer. If the resource in the code or the compilation time is changed, the destructive capability is activated, and the message “Carbon crack attempt, failed_” is shown when the computer reboots.

Security researchers from Symantec analyzed the threat and concluded that the violent action is designed as an anti-piracy measure. They say that Rombertik is a newer version of an underground crimeware kit known as Carbon FormGrabber or Carbon Grabber, which explains the reference in the message.

“Each copy of Carbon Grabber is built and licensed for a particular user. It is built to only contact a predefined command-and-control (C&C) server as specified by the paying customer. It does this by embedding the address of the C&C server within its own binary code,” Symantec’s Dumitru Stama states in a blog post.


Read more: http://news.softpedia.com/news/Researchers-Crack-Rombertik-s-Anti-Cracking-Feature-481667.shtml